Solana News Today: Hack Timed to Disrupt Upbit's $10B Merger, Stealing $37M

Generated by AI AgentCoin WorldReviewed byAInvest News Editorial Team
Monday, Dec 1, 2025 2:59 am ET2min read
Speaker 1
Speaker 2
AI Podcast:Your News, Now Playing
Aime RobotAime Summary

- South Korea's Upbit suffered a $37M crypto breach via Solana-based hot wallet vulnerabilities, with North Korea's Lazarus Group suspected.

- Attack occurred one day after a $10.3B merger announcement, raising suspicions of deliberate timing to disrupt the deal.

- Upbit froze $8.18M in stolen assets and pledged reimbursement, but the incident highlights persistent exchange security gaps.

- The breach aligns with global trends of state-sponsored cybercrime, as North Korean groups accounted for 80% of 2024 crypto thefts by value.

- South Korea faces renewed regulatory scrutiny over crypto security, with debates intensifying about balancing innovation and risk mitigation.

South Korea's largest cryptocurrency exchange, Upbit, confirmed a $37 million breach in Solana-based assets after hackers exploited vulnerabilities in its hot wallet infrastructure, with North Korea's Lazarus Group suspected of involvement. The incident, detected at 4:42 a.m. on November 27, 2025, saw the unauthorized transfer of approximately 54 billion KRW ($36–$37 million) worth of tokens, including

Solana
(SOL), USD Coin (USDC), and smaller DeFi and
meme
coins like
Bonk
(BONK) and
Jupiter
(JUP)
according to reports
. Dunamu, Upbit's parent company, immediately suspended Solana network transactions and moved remaining assets to cold storage to prevent further losses,
pledging to reimburse affected users
from corporate reserves.

The timing of the hack has drawn scrutiny, as it occurred just one day after Dunamu announced a $10.3 billion merger with Naver Financial, a subsidiary of South Korea's tech giant Naver Corp.

Analysts speculate
that hackers may have deliberately targeted the event, which included a high-profile press conference, to amplify disruption. This marks Upbit's second major breach in six years,
echoing a 2019 incident
where 58 billion won ($30 million) in
Ethereum
was stolen using similar methods. South Korean authorities, including the Financial Supervisory Service and the National Office of Investigation's Cyber Terror Division, have launched an on-site probe,
citing strong evidence
linking the attack to Lazarus, a state-sponsored hacking group attributed to North Korea.

Upbit's response included emergency measures to freeze compromised assets and coordinate with blockchain projects to trace stolen funds. The exchange successfully

froze approximately $8.18 million
in Solaire (LAYER) tokens and is working with law enforcement to track remaining outflows. Despite these efforts, the breach underscores persistent vulnerabilities in hot wallet systems, which remain essential for liquidity but inherently exposed to cyberattacks. Security experts emphasize that while blockchain technology itself is resilient,
centralized exchanges face escalating risks
from sophisticated adversaries.

The incident has reignited debates over regulatory oversight in South Korea, where the Virtual Asset User Protection Act mandates exchanges maintain reserve funds to cover losses. Dunamu held 67 billion KRW in reserves as of Q3 2025,
according to financial disclosures
. However, the hack highlights gaps in enforcement, particularly as exchanges balance user experience with security.
The Financial Intelligence Unit previously flagged
600,000 potential KYC violations at Upbit during a 2024 license review, signaling broader compliance challenges.

Globally, the breach aligns with a surge in state-sponsored cybercrime targeting crypto infrastructure. Chainalysis reported that North Korean groups accounted for nearly 80% of crypto thefts by value in 2024, with Lazarus-linked attacks including the February 2025 Bybit hack-

where $1.4 billion was stolen
-further illustrating the group's capabilities. The stolen assets in the Upbit incident were rapidly laundered using mixing techniques,
a hallmark of Lazarus operations
.

While the immediate financial impact on Upbit is contained, the reputational and regulatory fallout loom large. The exchange's swift reimbursement pledge and cooperation with authorities aim to stabilize user confidence, but the incident may accelerate calls for stricter international collaboration on crypto security frameworks.

As South Korea positions itself
as a global fintech hub, the breach underscores the delicate balance between innovation and risk mitigation in the digital asset ecosystem.